Beyond Bug Bounties: Crowdsourced Security Testing Evolves

Crowdsourced bug bounty programs help organizations identify severe flaws in their IT infrastructure, apps or other code. Now, that model is being used to help organizations perform more widespread security testing, including penetration testing as well as deep dives by single researchers, says Bugcrowd CSO David Baker.

"Traditionally ... you've had a large group of people sort of gamified - the first one to find a bug gets paid, and so that tends to work very well," Baker says.

But as technology evolves and more web and mobile applications rely on APIs, more specialized types of technology review and testing need to be brought to bear, he says. That's given rise to Bugcrowd's more "gig economy" approach, called researcher grants. "We will give a certain researcher a certain aspect of that technology to look at and research," Baker says, and then that researcher will produce a report with detailed findings that can also be used to also satisfy audit requirements.

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.

Operation Success!

Risk Management Framework: Learn from NIST

From heightened risks to increased regulations, senior leaders at all levels are pressured to
improve their organizations' risk management capabilities. But no one is showing them how -
until now.

Learn the fundamentals of developing a risk management program from the man who wrote the book
on the topic: Ron Ross, computer scientist for the National Institute of Standards and
Technology. In an exclusive presentation, Ross, lead author of NIST Special Publication 800-37
- the bible of risk assessment and management - will share his unique insights on how to:

Understand the current cyber threats to all public and private sector organizations;

Develop a multi-tiered risk management approach built upon governance, processes and
information systems;

Enter your email address to reset your password

Already have anISMG account?

Forgot Your Password Message:

Contact Us

Already have anISMG account?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.eu, you agree to our use of cookies.